[jira] [Updated] (YARN-694) AM uses the NMToken to authenticate all communication with NM. NM remembers and updates token across RM restart

2013-06-13 Thread Omkar Vinit Joshi (JIRA) 

 [ 
https://issues.apache.org/jira/browse/YARN-694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Omkar Vinit Joshi updated YARN-694:
---

Attachment: YARN-694-20130613.patch

 AM uses the NMToken to authenticate all communication with NM. NM remembers 
 and updates token across RM restart
 ---

 Key: YARN-694
 URL: https://issues.apache.org/jira/browse/YARN-694
 Project: Hadoop YARN
  Issue Type: Bug
Reporter: Omkar Vinit Joshi
Assignee: Omkar Vinit Joshi
 Attachments: YARN-694-20130613.patch


 AM uses the NMToken to authenticate all the AM-NM communication.
 NM will validate NMToken in below manner
 * If NMToken is using current or previous master key then the NMToken is 
 valid. In this case it will update its cache with this key corresponding to 
 appId.
 * If NMToken is using the master key which is present in NM's cache 
 corresponding to AM's appId then it will be validated based on this.
 * If NMToken is invalid then NM will reject AM calls.
 Modification for ContainerToken
 * At present RPC validates AM-NM communication based on ContainerToken. It 
 will be replaced with NMToken. Also now onwards AM will use NMToken per NM 
 (replacing earlier behavior of ContainerToken per container per NM).
 * startContainer in case of Secured environment is using ContainerToken from 
 UGI YARN-617; however after this it will use it from the payload (Container).
 * ContainerToken will exist and it will only be used to validate the AM's 
 container start request.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (YARN-694) AM uses the NMToken to authenticate all communication with NM. NM remembers and updates token across RM restart

2013-05-31 Thread Omkar Vinit Joshi (JIRA) 

 [ 
https://issues.apache.org/jira/browse/YARN-694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Omkar Vinit Joshi updated YARN-694:
---

Summary: AM uses the NMToken to authenticate all communication with NM. NM 
remembers and updates token across RM restart  (was: AM uses the AMNMToken to 
authenticate all communication with NM. NM remembers and updates token across 
RM restart)

 AM uses the NMToken to authenticate all communication with NM. NM remembers 
 and updates token across RM restart
 ---

 Key: YARN-694
 URL: https://issues.apache.org/jira/browse/YARN-694
 Project: Hadoop YARN
  Issue Type: Bug
Reporter: Omkar Vinit Joshi
Assignee: Omkar Vinit Joshi

 AM uses the AMNMToken to authenticate all the AM-NM communication.
 NM will validate AMNMToken in below manner
 * If AMNMToken is using current or previous master key then the AMNMToken is 
 valid. In this case it will update its cache with this key corresponding to 
 appId.
 * If AMNMToken is using the master key which is present in NM's cache 
 corresponding to AM's appId then it will be validated based on this.
 * If AMNMToken is invalid then NM will reject AM calls.
 Modification for ContainerToken
 * At present RPC validates AM-NM communication based on ContainerToken. It 
 will be replaced with AMNMToken. Also now onwards AM will use AMNMToken per 
 NM (replacing earlier behavior of ContainerToken per container per NM).
 * startContainer in case of Secured environment is using ContainerToken from 
 UGI YARN-617; however after this it will use it from the payload (Container).
 * ContainerToken will exist and it will only be used to validate the AM's 
 container start request.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (YARN-694) AM uses the NMToken to authenticate all communication with NM. NM remembers and updates token across RM restart

2013-05-31 Thread Omkar Vinit Joshi (JIRA) 

 [ 
https://issues.apache.org/jira/browse/YARN-694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Omkar Vinit Joshi updated YARN-694:
---

Description: 
AM uses the NMToken to authenticate all the AM-NM communication.
NM will validate NMToken in below manner
* If NMToken is using current or previous master key then the NMToken is valid. 
In this case it will update its cache with this key corresponding to appId.
* If NMToken is using the master key which is present in NM's cache 
corresponding to AM's appId then it will be validated based on this.
* If NMToken is invalid then NM will reject AM calls.

Modification for ContainerToken
* At present RPC validates AM-NM communication based on ContainerToken. It will 
be replaced with NMToken. Also now onwards AM will use NMToken per NM 
(replacing earlier behavior of ContainerToken per container per NM).
* startContainer in case of Secured environment is using ContainerToken from 
UGI YARN-617; however after this it will use it from the payload (Container).
* ContainerToken will exist and it will only be used to validate the AM's 
container start request.

  was:
AM uses the AMNMToken to authenticate all the AM-NM communication.
NM will validate AMNMToken in below manner
* If AMNMToken is using current or previous master key then the AMNMToken is 
valid. In this case it will update its cache with this key corresponding to 
appId.
* If AMNMToken is using the master key which is present in NM's cache 
corresponding to AM's appId then it will be validated based on this.
* If AMNMToken is invalid then NM will reject AM calls.

Modification for ContainerToken
* At present RPC validates AM-NM communication based on ContainerToken. It will 
be replaced with AMNMToken. Also now onwards AM will use AMNMToken per NM 
(replacing earlier behavior of ContainerToken per container per NM).
* startContainer in case of Secured environment is using ContainerToken from 
UGI YARN-617; however after this it will use it from the payload (Container).
* ContainerToken will exist and it will only be used to validate the AM's 
container start request.


 AM uses the NMToken to authenticate all communication with NM. NM remembers 
 and updates token across RM restart
 ---

 Key: YARN-694
 URL: https://issues.apache.org/jira/browse/YARN-694
 Project: Hadoop YARN
  Issue Type: Bug
Reporter: Omkar Vinit Joshi
Assignee: Omkar Vinit Joshi

 AM uses the NMToken to authenticate all the AM-NM communication.
 NM will validate NMToken in below manner
 * If NMToken is using current or previous master key then the NMToken is 
 valid. In this case it will update its cache with this key corresponding to 
 appId.
 * If NMToken is using the master key which is present in NM's cache 
 corresponding to AM's appId then it will be validated based on this.
 * If NMToken is invalid then NM will reject AM calls.
 Modification for ContainerToken
 * At present RPC validates AM-NM communication based on ContainerToken. It 
 will be replaced with NMToken. Also now onwards AM will use NMToken per NM 
 (replacing earlier behavior of ContainerToken per container per NM).
 * startContainer in case of Secured environment is using ContainerToken from 
 UGI YARN-617; however after this it will use it from the payload (Container).
 * ContainerToken will exist and it will only be used to validate the AM's 
 container start request.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira